Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4a7d47fc by Moritz Muehlenhoff at 2026-06-25T15:18:29+02:00 new pdns-rec issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== 
@@ -1,9 +1,50 @@ +CVE-2026-52690 + - pdns-recursor <unfixed> + [bookworm] - pdns-recursor <end-of-life> (see DSA 6045) + [bullseye] - pdns-recursor <end-of-life> (see DSA 6045) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-52690-spoofed-answers-can-mark-an-authoritative-non-edns-capable +CVE-2026-42387 + - pdns-recursor <unfixed> + [bookworm] - pdns-recursor <end-of-life> (see DSA 6045) + [bullseye] - pdns-recursor <end-of-life> (see DSA 6045) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42387-insufficient-input-validation-in-zonetocache +CVE-2026-42388 + - pdns-recursor <unfixed> + [bookworm] - pdns-recursor <end-of-life> (see DSA 6045) + [bullseye] - pdns-recursor <end-of-life> (see DSA 6045) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42388-missing-input-validation-for-catalog-zones +CVE-2026-42389 + - pdns-recursor <unfixed> + [trixie] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x) + [bookworm] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x) + [bullseye] - pdns-recursor <not-affected> (Vulnerable code not present, only affects 5.4.x) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42389-reject-more-queries-with-invalid-header-values +CVE-2026-42390 + - pdns-recursor <unfixed> + [bookworm] - pdns-recursor <end-of-life> (see DSA 6045) + [bullseye] - pdns-recursor <end-of-life> (see DSA 6045) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42390-zonemd-validation-can-be-bypassed CVE-2026-42005 + - pdns-recursor 5.3.0-1 + [bookworm] - pdns-recursor <end-of-life> (see DSA 6045) + [bullseye] - pdns-recursor <end-of-life> (see DSA 6045) - pdns <unfixed> [bookworm] - pdns <end-of-life> (See #1119290) [bullseye] - pdns 
<end-of-life> (see DLA 4471) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-42005-unbounded-resource-consumption-in-internal-webserver + NOTE: Only affects 5.2.x, marking first 5.3 upload as fixed version NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-07.html NOTE: https://github.com/PowerDNS/pdns/commit/11e4f2da8259e5070e7a193f48d23ade38b71dc0 +CVE-2026-40012 + - pdns-recursor <unfixed> + [bookworm] - pdns-recursor <end-of-life> (see DSA 6045) + [bullseye] - pdns-recursor <end-of-life> (see DSA 6045) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-40012-information-about-ecs-zero-scoped-answers-might-leak-to-clients-that-use-a-specific-ecs +CVE-2026-33612 + - pdns-recursor <unfixed> + [bookworm] - pdns-recursor <end-of-life> (see DSA 6045) + [bullseye] - pdns-recursor <end-of-life> (see DSA 6045) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html#cve-2026-3361-zonetocache-can-poison-the-cache CVE-2026-53276 [Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer] - linux 7.0.13-1 [trixie] - linux <not-affected> (Vulnerable code not present) ===================================== data/dsa-needed.txt ===================================== @@ -67,6 +67,8 @@ pdfminer (carnil) -- pdns (jmm) -- +pdns-recursor (jmm) +-- perl (carnil) Comment from maintainer: I'd prefer to wait until upstream gets the point releases out -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a7d47fc0b30aa0ae9a6afc5835aba21afeab48b
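Review bot: In the data/CVE/list hunk, the NOTE for CVE-2026-33612 links to the fragment "#cve-2026-3361-zonetocache-can-poison-the-cache", which drops the last digit of the CVE id, while every other NOTE added here carries the full id in its fragment. Please check the anchor against the upstream advisory page and correct it if the short form is not what upstream publishes. CVE-2026-42387 in the same hunk is also a ZoneToCache issue, so a link that does not resolve to its section makes the two easy to mix up.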
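Review bot: In the data/dsa-needed.txt hunk, the new "pdns-recursor (jmm)" entry has no comment line, although the pdns-recursor entries added to data/CVE/list in this commit mark bookworm and bullseye as <end-of-life> or <not-affected>. A one-line note under the entry saying which suite the update is meant for, in the way the neighbouring perl entry carries a comment, would save the next reader from cross-checking the CVE list.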
